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DETAILED ACTION 



1 . Claims 1 -26 are pending in this office action. 



2. Applicant's arguments, filed May 3, 2005, have been considered and are 
persuasive. However, a new ground of rejection has been made in view of Allen et al. 

Claim Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

5. Claims 1, 3-5. 7. 13, 14, 17. 22. and 25 are rejected under 35 U.S.C. 102(e) as 



being anticipated by Allen et al. (U.S. Patent Publication No. 2002/0068629 A1). 
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Regarding claim 1 . Allen et al. teaches a method of conducting a secure 
transaction with an on-line service while offline comprising the steps of: 

• Issuing a transaction authorization token to a user from an application server for 
the on-line service while the user is online (fig. 3 and fig. 4, ref. num 424/426); 

• Preparing an off-line transaction object containing data to specify and request the 
transaction (all of fig. 5); 

• Sending a message to the on-line service, said message containing the 
transaction object and the authorization token (fig. 6, ref. num 610 and fig. 3); 

• Upon receipt of the message, the application server validating the token to 
authenticate the user and to authorize the transaction (fig. 6, ref. num 612); and 

• Executing the transaction object if the transaction is authorized (fig. 6, ref. num 
614/618). 

Regarding claim 3 , Allen et al. teaches wherein the token is issued to the user via 
a download operation while the user is on-line (fig. 4, ref. num 426). 

Regarding claim 4 . Allen et al. teaches wherein the user prepares the transaction 
object off-line (paragraph 0043). 

Regarding claim 5 . Allen et al. teaches wherein the on-line service comprises the 
application server, and the user requests the token for the transaction from the 
application server (fig. 4, ref. num 424/426 and paragraph 0040). 
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Regarding claim 7 . Allen et al. teaches wherein the token comprises a unique 
identifier that is generated by the on-line service when the token is issued (fig. 3, ref. 
num 320). 

Regarding claim 13 , Allen et al. teaches wherein the token includes data 
representing a time period during which the token is valid (end of paragraph 0052). 

Regarding claim 14 . Allen et al. teaches wherein the token includes data 
representing a valid access duration for the token (end of paragraph 0052). 

Regarding claim 17 . Allen et al. teaches further comprising encrypting the 
transaction object (paragraph 0040). 

Regarding claim 22 . Allen et al. teaches wherein the application server is a web- 
based application server (paragraph 0019). 

Regarding claim 25 . Allen et al. teaches further comprising authenticating the 
user with a password and a network identity while the user is accessing the on-line 
service (paragraph 0035). 
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Claim Rejections - 35 USC § 103 

6. Claims 2. 6. 9-12. 15. 16. 19-21. 23. 24. and 26 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Allen et al. (USPGPUB '629) in view of Fischer (U.S. 
Patent Publication No. 2002/0010638 A1). 

Regarding claim 2 . Allen et al. teaches all the limitations of claim 2, above. 
However, Allen et al. does not teach wherein the token is issued to the user via an e- 
mail message sent from the application server. 

Fischer teaches wherein the token is issued to the user via an e-mail message 
sent from the application server (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine issuing the token via an e-mail message sent from the 
application server, as taught by Fischer , with the method of Allen et al. It would have 
been obvious for such modifications because sending tokens via e-mail provides a user 
the credentials required for secure processing that can be saved and used at a later 
time. This is similar to a user signing up for a service (hotmail.com for example) and 
receiving an e-mail message with the login credentials in the e-mail message. 



Regarding claim 9 , the combination of Allen et al. in view of Fischer teaches 
wherein the application server receives an incoming message including the token, 
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checks the token for validity, and accepts or rejects the token (see fig. 6, ref. num 614 of 
Allen et al.). 

Regarding claim 10 . the combination of Allen et al. in view of Fischer teaches 
wherein the message delivering the token and off-line transaction from the user to the 
application server is an e-mail message delivered to the application server via an 
asynchronous e-mail delivery method (see paragraph 0005 of Fischer). 

Regarding claim 1 1 . the combination of Allen et al. in view of Fischer teaches 
where the asynchronous delivery mechanism is database record synchronization (see 
paragraph 0034 of Fischer). 

Regarding claim 12 . the combination of Allen et al. in view of Fischer teaches 
where the asynchronous e-mail delivery method comprises a synchronization of data 
between a portable computing device and an on-line service (see paragraph 0022 of 
Fischer). 

Regarding claim 21 . the combination of Allen et al. in view of Fischer teaches 
wherein the application server ensures that the token can only be used once by 
authorizing a specific transaction by a specific user on specific data objects (see fig. 3, 
ref. num 318/320 and paragraph 0048 of Allen et al.). 
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Regarding claim 6 , Allen et al. teaches all the limitations of claims 1 and 5, 
above. However, Allen et al. does not teach wherein the application server accesses a 
database. 

Fischer teaches wherein the application server accesses a database (paragraph 

0034). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine accessing a database, as taught by Fischer , with the 
method of Allen et al. It would have been obvious for such modifications because the 
database contains products to be ordered, by accessing the database, correct 
quantities can be obtained. 

Regarding claim 15 . Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token specifies an e-mail audit 
signature, and said token is valid only if the transaction is sent from an e-mail program 
via an e-mail delivery path that matches the e-mail audit signature. 

Fischer teaches wherein the token specifies an e-mail audit signature, and said 
token is valid only if the transaction is sent from an e-mail program via an e-mail 
delivery path that matches the e-mail audit signature (paragraph 0025). 
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It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an e-mail audit signature for verifying the token, as 
taught by Fischer with the method of Allen et al. It would have been obvious for such 
modifications because the audit signature prevents intruders from using a different e- 
mail address to trick the system into thinking the intruder is authorized. 

Regarding claim 16 , the combination of Allen et al. in view of Fischer teaches 
wherein an e-mail address to which the message is sent varies according to an 
authorized data object and transaction type (see paragraph 0025 of Fischer). 

Regarding claim 19 , Allen et al. teaches all the limitations of claim 1, above. 
However, Allen et al. does not teach wherein the token is contained in a body or a 
header of an e-mail message. 

Fischer teaches wherein the token is contained in a body or a header of an e- 
mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the token contained in a body or header of an e-mail 
message, as taught by Fischer with the method of Allen et al. It would have been 
obvious for such modifications because containing the token in the body of an e-mail 
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message provides further authentication and authorization (see paragraph 0025 of 
Fischer). 

Regarding claim 20 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token and the transaction object are 
attachments to an e-mail message. 

Fischer teaches wherein the token and the transaction object are attachments to 
an e-mail message (paragraph 0025). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the token and transaction object are attachments to an 
e-mail message, as taught by Fischer , with the method of Allen et al. It would have 
been obvious for such modifications because containing the token as an attachment of 
an e-mail message provides further authentication and authorization (see paragraph 
0025 of Fischer). 

Regarding claim 23 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach whereon said transaction is selected from the 
group consisting of a database modification, update, adding a file, and editing a file. 
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Fischer teaches whereon said transaction is selected from the group consisting 
of a database modification, update, adding a file, and editing a file (paragraph 0022). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine transactions consisting of modifications, updating, 
adding a file, and editing a file, as taught by Fischer with the method of Allen et al. It 
would have been obvious for such modifications because editing a file allows the user to 
obtain the exact purchase order desired by the user. 

Regarding claim 24 , the combination of Allen et al. in view of Fischer teaches 
further comprising checking out a file, editing the file off-line, and checking in the file as 
an e-mail attachment (see fig. 4, ref. num 64/66/68 of Fischer). 

Regarding claim 26 , Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the user comprises a software agent that 
conducts the transaction on behalf of the user. 

Fischer teaches wherein the user comprises a software agent that conducts the 
transaction on behalf of the user (paragraph 0020). 



It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a software agent that conducts transactions on behalf 
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of the user, as taught by Fischer , with the method of Allen et al. It would have been 
obvious for such modifications because a software agent provides an automated 
process for the user to order products from a vendor. 

Claims 8 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allen et al. (USPGPUB '629) in view of Konheim et al. (U.S. Patent No. 4,393,269). 

Regarding claim 8 . Allen et al. teaches all the limitations of claim 1 , above. 
However, Allen et al. does not teach wherein the token is a one-way encryption of at 
least one of an identity of the user, a transaction type, and a data object for which the 
transaction is authorized. 

Konheim et al. teaches wherein the token is a one-way encryption of at least one 
of an identity of the user, a transaction type, and a data object for which the transaction 
is authorized (col. 23, lines 52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine an one-way encryption of the identity to create the 
token, as taught by Konheim et al. . with the method of Allen et al. It would have been 
obvious for such modifications because the one-way encryption of the identity provides 
a method for verifying both the content of the transaction and the parties involved (see 
abstract of Konheim et al.). 
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Regarding claim 1 8 , Allen et al. teaches all the limitations of claims 1 and 17, 
above. However, Allen et al. does not teach wherein said encrypting comprises issuing 
a temporary public key that is a one-way encryption function of an address to which the 
transaction is to be sent for encryption of the transaction object. 

Konheim et al. teaches wherein said encrypting comprises issuing a temporary 
public key that is a one-way encryption function of an address to which the transaction 
is to be sent for encryption of the transaction object (col. 23, lines 52-62). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine using an one-way encryption function for encrypting 
the transaction object, as taught by Konheim et al. . with the method of Allen et al. It 
would have been obvious for such modifications because the one-way encryption of the 
identity provides a method for verifying both the content of the transaction and the 
parties involved (see abstract of Konheim et al.). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). Jl A 
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SUPERVISORY PATENT EXAMINER 
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